Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file4232024.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\aut25DE.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut264C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ghauts
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hypopygidium
|
ASCII text, with very long lines (28720), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogfireblendeuGDOCADegvvshJYgdfgGWltXxnlOnThLThggfsEYSRpalmitic
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x36, schema 4, UTF-8, version-valid-for 8
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file4232024.exe
|
"C:\Users\user\Desktop\file4232024.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\Desktop\file4232024.exe"
|
|
|
|
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
|
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
system
|
page execute and read and write
|
|
|
|
1FE0000
|
direct allocation
|
page read and write
|
|
|
|
5E0000
|
unkown
|
page readonly
|
||
|
3DD3000
|
direct allocation
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page readonly
|
||
|
325F000
|
heap
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
5B01000
|
heap
|
page read and write
|
||
|
1F9E000
|
stack
|
page read and write
|
||
|
6A3000
|
unkown
|
page write copy
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
3243000
|
heap
|
page read and write
|
||
|
3F79000
|
direct allocation
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
1FB0000
|
heap
|
page read and write
|
||
|
11DB000
|
stack
|
page read and write
|
||
|
695000
|
unkown
|
page readonly
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
3DF0000
|
direct allocation
|
page read and write
|
||
|
3900000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
69F000
|
unkown
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
1B9E000
|
stack
|
page read and write
|
||
|
325C000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
3E50000
|
direct allocation
|
page read and write
|
||
|
3F7D000
|
direct allocation
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
326F000
|
heap
|
page read and write
|
||
|
3F19000
|
direct allocation
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
3CB0000
|
direct allocation
|
page read and write
|
||
|
69F000
|
unkown
|
page write copy
|
||
|
2D5B000
|
stack
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
1FD0000
|
direct allocation
|
page execute and read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
3DF0000
|
direct allocation
|
page read and write
|
||
|
13D6000
|
heap
|
page read and write
|
||
|
3254000
|
heap
|
page read and write
|
||
|
13D6000
|
heap
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page execute read
|
||
|
324C000
|
heap
|
page read and write
|
||
|
5EFF000
|
stack
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
5112000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
13E7000
|
heap
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
3FEE000
|
direct allocation
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
3301000
|
heap
|
page read and write
|
||
|
6A8000
|
unkown
|
page readonly
|
||
|
3DF0000
|
direct allocation
|
page read and write
|
||
|
5E1000
|
unkown
|
page execute read
|
||
|
3265000
|
heap
|
page read and write
|
||
|
3269000
|
heap
|
page read and write
|
||
|
3305000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
1401000
|
heap
|
page read and write
|
||
|
5116000
|
heap
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
364E000
|
stack
|
page read and write
|
||
|
3F1D000
|
direct allocation
|
page read and write
|
||
|
1421000
|
heap
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
3261000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
695000
|
unkown
|
page readonly
|
||
|
AEA000
|
stack
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
2040000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
3212000
|
heap
|
page read and write
|
||
|
325B000
|
heap
|
page read and write
|
||
|
3273000
|
heap
|
page read and write
|
||
|
3272000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
6A8000
|
unkown
|
page readonly
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
1426000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
13D6000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
13E7000
|
heap
|
page read and write
|
||
|
66F000
|
unkown
|
page readonly
|
||
|
3F8E000
|
direct allocation
|
page read and write
|
||
|
3247000
|
heap
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
3265000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
13C7000
|
heap
|
page read and write
|
||
|
324F000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
325F000
|
heap
|
page read and write
|
||
|
5DFF000
|
stack
|
page read and write
|
||
|
3D73000
|
direct allocation
|
page read and write
|
||
|
327B000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
3F7D000
|
direct allocation
|
page read and write
|
||
|
3E50000
|
direct allocation
|
page read and write
|
||
|
3F8E000
|
direct allocation
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
3252000
|
heap
|
page read and write
|
||
|
3261000
|
heap
|
page read and write
|
||
|
3259000
|
heap
|
page read and write
|
||
|
5E1000
|
unkown
|
page execute read
|
||
|
3268000
|
heap
|
page read and write
|
||
|
3265000
|
heap
|
page read and write
|
||
|
3D73000
|
direct allocation
|
page read and write
|
||
|
2D9B000
|
stack
|
page read and write
|
||
|
1427000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
3C50000
|
direct allocation
|
page read and write
|
||
|
3FEE000
|
direct allocation
|
page read and write
|
||
|
1411000
|
heap
|
page read and write
|
||
|
66F000
|
unkown
|
page readonly
|
||
|
3F8E000
|
direct allocation
|
page read and write
|
||
|
B9D000
|
stack
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
3F79000
|
direct allocation
|
page read and write
|
||
|
3247000
|
heap
|
page read and write
|
||
|
327D000
|
heap
|
page read and write
|
||
|
3265000
|
heap
|
page read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
3272000
|
heap
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
3F79000
|
direct allocation
|
page read and write
|
||
|
374F000
|
stack
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
5CFF000
|
stack
|
page read and write
|
||
|
3F1D000
|
direct allocation
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
3F19000
|
direct allocation
|
page read and write
|
||
|
322D000
|
heap
|
page read and write
|
||
|
3F19000
|
direct allocation
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
326E000
|
heap
|
page read and write
|
||
|
324C000
|
heap
|
page read and write
|
||
|
3267000
|
heap
|
page read and write
|
||
|
5A01000
|
heap
|
page read and write
|
||
|
3E50000
|
direct allocation
|
page read and write
|
||
|
3CB0000
|
direct allocation
|
page read and write
|
||
|
324B000
|
heap
|
page read and write
|
||
|
5FFF000
|
stack
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
3F1D000
|
direct allocation
|
page read and write
|
||
|
3DD3000
|
direct allocation
|
page read and write
|
||
|
3FEE000
|
direct allocation
|
page read and write
|
||
|
378E000
|
stack
|
page read and write
|
||
|
3904000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
3F7D000
|
direct allocation
|
page read and write
|
||
|
3D73000
|
direct allocation
|
page read and write
|
||
|
3CB0000
|
direct allocation
|
page read and write
|
||
|
2017000
|
direct allocation
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
326F000
|
heap
|
page read and write
|
||
|
326D000
|
heap
|
page read and write
|
||
|
3DD3000
|
direct allocation
|
page read and write
|
There are 194 hidden memdumps, click here to show them.